[Buildroot] [PATCH 1/1] package/squid: security bump to version 4.11

Peter Korsgaard peter at korsgaard.com
Sun May 10 19:31:05 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix CVE-2020-11945: An issue was discovered in Squid before 5.0.2. A
 > remote attacker can replay a sniffed Digest Authentication nonce to gain
 > access to resources that are otherwise forbidden. This occurs because
 > the attacker can overflow the nonce reference counter (a short integer).
 > Remote code execution may occur if the pooled token credentials are
 > freed (instead of replayed as valid credentials).

 > http://www.squid-cache.org/Advisories/SQUID-2020_4.txt

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2020.02.x, thanks.

-- 
Bye, Peter Korsgaard
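
The counter wrap described in the quoted CVE text, as an added C example that is not part of the original message and is not Squid's code. The struct, the function names and the choice of an unsigned short (so that the wrap is well defined in C) are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical pooled nonce record; not Squid's actual structure. */
struct nonce {
    unsigned short references; /* narrow counter, per the CVE description */
    bool freed;                /* set when the record goes back to the pool */
};

/* Unchecked: the counter silently wraps from USHRT_MAX to 0. */
static void link_unchecked(struct nonce *n) { n->references++; }

/* Checked: refuse a new reference instead of wrapping. */
static bool link_checked(struct nonce *n)
{
    if (n->references == USHRT_MAX)
        return false;          /* caller must reject the request */
    n->references++;
    return true;
}

/* Drop one reference; release the record when the count reaches zero. */
static void unlink_nonce(struct nonce *n)
{
    if (n->references > 0 && --n->references == 0)
        n->freed = true;
}

/* Take `links` references, release one, and report whether the record
   was freed while other holders still exist. */
static bool freed_early(unsigned long links, bool checked)
{
    struct nonce n = { 0, false };
    unsigned long held = 0;
    for (unsigned long i = 0; i < links; i++) {
        if (!checked) { link_unchecked(&n); held++; }
        else if (link_checked(&n)) held++;
    }
    unlink_nonce(&n);
    if (held > 0) held--;
    return n.freed && held > 0;
}

int main(void)
{
    unsigned long links = (unsigned long)USHRT_MAX + 2; /* constructed input */
    printf("unchecked freed early: %d\n", freed_early(links, false));
    printf("checked freed early:   %d\n", freed_early(links, true));
    return 0;
}
```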

